TWI644556B - Know your customer (kyc) data sharing system with privacy and method thereof - Google Patents

Abstract

A hidden KYC data sharing system and method thereof, which provide KYC data to the right side by the client for encryption, signature and distribution to the blockchain network, and execute the smart contract on the blockchain network, Enable the client, the authority and the financial terminal to execute the smart contract function and detect the smart contract event, so that when the financial side requests to query the KYC data, the client can set the authorization authority for different data items, and then the financial side Receive the authorized data items directly through the client, and then verify whether the data items are certified by the authority to determine whether to review, to improve the confidentiality, usability and content uniformity of the KYC data.

Description

Hidden KYC data sharing system and method thereof

The invention relates to a data sharing system and a method thereof, in particular to a hidden KYC data sharing system and a method thereof.

In recent years, with the promotion and vigorous development of financial technology, various applications based on financial technology have sprung up. However, in order to provide suitable financial products to customers and even avoid money laundering, financial institutions will require customers to fill out one. Information on "Know Your Customer (KYC)".

In general, financial institutions can understand the customer's ability to withstand investment risks based on KYC data, and then provide appropriate financial products, as well as customer identity certification, background and credit record checks. However, since every financial institution will require KYC information to be filled in. When there are a large number of financial institutions, repeated filling of KYC data of the same content will cause confusion and inconvenience to customers, because it is impossible to fill out only one KYC information for all financial institutions. Used, it has the problem of poor usability of KYC data. In addition, the content of KYC materials filled in at different time points may not be the same, resulting in poor uniformity of content.

In view of this, there are manufacturers who propose to store KYC data on the client's technical means to provide customers with access to financial institutions. However, this approach requires financial institutions to cooperate, and it is also unable to solve KYC data at different points in time, and its content may not be the same. In addition, some people have proposed to store KYC data in the cloud for financial institutions to share. However, KYC data stored in the cloud is easily falsified, so how to make financial institutions trust KYC data stored in the cloud is a big problem, and it is a problem. KYC data in the cloud is also prone to privacy leaks.

In summary, it can be seen that the prior art has long been a problem of the confidentiality, usability, and unsatisfactory content of KYC data. Therefore, it is necessary to propose improved technical means to solve this problem.

The invention discloses a hidden KYC data sharing system and a method thereof.

First of all, the present invention discloses a hidden KYC data sharing system, which is applied to a blockchain network that executes a smart contract. The system includes: an authority, a client, and a financial terminal. The authority side includes: an initial module, a verification module, and a registration module. The initial module is used to initially issue a KYC data registration contract through a blockchain transaction to provide registration and update of a KYC data contract, and to issue a KYC data through a blockchain transaction to request a registration contract to provide registration and record KYC. A data request contract, wherein the KYC data registration contract includes a data registration event and a data update event, the KYC data request registration contract includes a request registration event and an authorization response event; and the verification module is configured to receive KYC data for verification The KYC data includes a plurality of data items, and each of the verified KYC data is encrypted according to the client public key to generate a corresponding first encrypted content, and then each data is based on the right and left private key. The hash value of the item is signed to generate the corresponding hash signature value; the registration module is used to issue the account address, the first encrypted content of each data item, and the hash signature value of each data item through the blockchain transaction. KYC data contract, and obtain the corresponding KYC data contract address, and register this KYC data contract address in KYC Registration contract for registered event trigger data generated registration completion notification.

Then, the client includes: a generating module, a detecting module, and an encryption and decryption module. The generating module is configured to generate KYC data, and the KYC data is transmitted to the right side; the detecting module is configured to continuously detect the data request notification, and when the data request notification is detected and the account address and the address thereof are included After one of the clients meets, the matching client reads the KYC data contract of the corresponding client from the blockchain network to obtain the account address, the first encrypted content of each data item, and each data item. The hash signature value, and allows permission to set each data item; the encryption and decryption module is used to decrypt the first encrypted content of each data item obtained according to the authorization authority and the client private key, and generate a group The key encrypts each decrypted data item to generate a corresponding second encrypted content, and then encrypts the group key with the financial side public key to generate a set of encryption keys, and transmits a second encryption of each data item. The content, the hash signature value of each data item, and the set of encryption keys are used to trigger an authorization response event to generate an authorization response notification.

The financial terminal includes: a request module, a receiving module, and a review module. The requesting module is configured to, when requesting the KYC data of the client, issue a KYC data request contract corresponding to the client through a blockchain transaction, and register the KYC data request contract in the KYC data request registration contract, The trigger request registration event generates a data request notification; the receiving module is configured to continuously detect the KYC data request registration contract authorization response event, and when the authorization response event is triggered to generate the authorization response notification, receive the second encrypted content of each data item, a hash signature value of each data item and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain a set of keys, and then decrypting the second encryption of each data item with the set of keys The content review module is configured to perform the verification of the hash value and the signature of each data item that has been decrypted according to the public key of the authority and the hash signature value of each data item, and verify and confirm the hash signature. When the value is generated by the authority, each data item that has been decrypted is reviewed.

In addition, the present invention discloses a hidden KYC data sharing method, which is applied to a blockchain network that executes a smart contract, and the steps include: the rights and obligations end to issue a KYC data registration contract through the blockchain transaction at the initial time. Provide registration and update of KYC data contracts, and issue KYC information through blockchain transactions to request registration contracts to provide registration and record KYC data request contracts. The KYC data registration contract includes data registration events and data update events, and KYC materials request registration contracts. The request registration event and the authorization response event are included; the client generates the corresponding KYC data, and transmits the KYC data to the authority side, the KYC data includes multiple data items; the authority verifies the received KYC data, and according to the client public The key respectively encrypts each data item in the verified KYC data to generate a corresponding first encrypted content, and then generates a corresponding hash signature value according to the hash value of each data item according to the right and left private key; The rights and responsibilities end through the blockchain transaction, including the account address, the first encrypted content of each data item, and each The KYC data contract of the hash sign value of the item, and the corresponding KYC data contract address, and the KYC data contract address are registered in the KYC data registration contract to trigger the registration of the data registration event to generate the registration completion notice; When requesting the KYC data of the client, the KYC data request contract corresponding to the client is issued through the blockchain transaction, and the KYC data request contract is registered in the KYC data request registration contract to trigger the request registration event to generate the data request notification; the client Detect After the data request notification is detected and the account address included therein matches one of the clients, the matching client reads the KYC data contract of the corresponding client from the blockchain network to obtain the account address, each The first encrypted content of a data item and the hash signature value of each data item, and allows the authorization authority of each data item to be set; the client obtains the first item of each data item according to the authorization authority and the client private key pair. Decrypting the encrypted content and generating a set of keys to add each decrypted data item Generating a corresponding second encrypted content, and then encrypting the group key with the financial public key to generate a set of encryption keys, and transmitting the second encrypted content of each data item, the hash signature value of each data item, and The group encryption key generates an authorization response notification by triggering the authorization response event; the financial terminal continuously detects the authorization response event of the KYC data request registration contract, and receives the second authorization of each data item after the authorization response event is triggered to generate the authorization response notification. Encrypting the content, the hash signature value of each data item, and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain a set of keys, and then decrypting each data item with the group key The second encrypted content; the financial end performs the verification of the hash value and the signature on each data item that has been decrypted according to the public key of the right and the public and the hash signature value of each data item, and passes the verification and confirms the hash signature When the value is generated by the authority, each data item that has been decrypted is reviewed.

The system and method disclosed in the present invention are as above, and the difference from the prior art is that the present invention provides KYC data to the right side through the client for encryption, signature and distribution to the blockchain network, and in the blockchain network. Execute smart contracts on the road, enabling clients, authorities, and financial terminals to execute smart contract functions and detect smart contract events, so that when the financial side requests to query KYC data, the client can set authorization rights for different data items. Then, the financial terminal directly receives the authorized data item through the client, and then verifies whether the data item is authenticated by the authority to determine whether to review.

Through the above technical means, the present invention can achieve the technical effect of improving the confidentiality, usability and content uniformity of KYC data.

The embodiments of the present invention will be described in detail below with reference to the drawings and embodiments, so that the application of the technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented.

Before describing the cryptographic KYC data sharing system and method thereof disclosed in the present invention, the environment to which the present invention is applied will be described. The present invention is applied to a blockchain network that executes smart contracts in a block. The computer devices in the chain network can be regarded as blockchain nodes, which are connected by peer-to-peer (Peer to Peer) and used to process blockchain transactions. In practical implementation, the computer device can be a server, a computer host, a notebook computer, a tablet computer, etc., for executing computer program instructions, such as the blockchain program "Ethereum". In addition, the smart contract refers to a computer program that drives an execution instruction according to a predetermined condition and transmitted information. In actual implementation, the smart contract is through a programming language such as Solidity, Serpent, LLL, EtherScript, Sidechain, etc. To write, it can contain a variety of different functions, events, parameter states, etc., using the blockchain program "Ethereum" as an example, its smart contract is compiled to obtain binary encoding and application binary interface (Application Binary Interface, ABI), in order to broadcast the smart contract to the blockchain network, waiting for the miner (Miner) to put the smart contract on the blockchain and get the corresponding address, thus completing the "release" of the smart contract. After that, the blockchain network node can execute the corresponding smart contract according to the address, and change the state of the smart contract on the blockchain by different instructions. In particular, the "KYC Data Registration Contract", "KYC Data Contract", "KYC Data Request Registration Contract", "KYC Data Request Contract", "KYC Rating Contract", "KYC Rating", etc. Contracts such as "Contracts", "KYC Execution Registration Contracts", "KYC Data Execution Contracts" and "Account Linkage Contracts" are all smart contracts. As mentioned in the text, "registration" refers to the function in the execution of smart contracts. To establish an address correspondence between different smart contracts, the following is a brief description of each of the aforementioned smart contracts:

1. The KYC data contract is used to record the customer's KYC data. In actual implementation, each data item of the KYC data is encrypted by the client's public key, and the corresponding hash value is calculated by the hash algorithm. Then, the hash value of the calculated hash value is stored after the signature of the right key, that is, the KYC data contract does not store the clear code of the KYC data, but stores the encrypted data item, and after the hash and signature. The value, in fact, the KYC data contract also contains the customer's account address, such as: public key. In actual implementation, the KYC data contract includes a function such as "setData()", and is used to bring in the "code of the data item of the KYC data", "the first encrypted content of each data item", " Parameters such as the hash value of each data item and the hash signature value of each data item.

2. The KYC data registration contract is used for the registration of KYC data contracts and provides related events (ie: data registration events, data update events). In actual implementation, the KYC rating contract can be generated through the function at the same time as the KYC data contract is registered, and registered in the KYC rating registration contract, so that the authorized financial terminal can evaluate and mark the corresponding customers. The KYC data registration contract contains functions such as "registerKYCData()" and "updateKYCData()". Both functions are brought into the address and account address of the KYC data contract, and execution of these two functions will trigger Corresponding events, such as "KYCDataDidRegister" and "KYCDataDidUpdate", are triggered when a KYC data contract is registered, and the latter is triggered when the KYC data contract is updated.

3. The KYC data request contract is used for the financial terminal to initiate a request to the client to obtain the authorization authority for reviewing the KYC data to the client, that is, the client also requests the contract to reply to the authorization authority through the KYC data. In actual implementation, the KYC data request contract includes functions such as: "addRequest()", "addSignature()", "isApproved()", "approveRequest()", "rejectRequest()", "revokeRequest( ), respectively, for adding "data items that need to be reviewed at the financial end", "financial signing for customers to verify the source of the financial side", "checking whether the financial side has the authority to review the specified data items", "client" Execute if you are authorized to review the request for a specified data item, "The client refuses to review the request for a specified data item", and "The client cancels the authorized authority to review the specified data item."

4. The KYC data request registration contract is used to register and record the financial side's request for reviewing the customer's KYC data, and provide corresponding events to let the customer know that there is a review request, and also let the financial terminal know that there is an authorization status reply or update. In actual implementation, the KYC data request registration contract contains functions such as "requestKYCData()" and "responseKYCDataRequest()", which are used to provide the financial terminal to register the KYC data request contract, and the customer to reply or update the KYC data request contract authorization. After the status, the notification contract has been responded. In addition, the execution of these two functions will trigger the corresponding events, such as: "KYCDataDidRequest" and "KYCDataRequestDidResponse", the former will be triggered when there is a new KYC data request contract registration, notify the client that there is this request, the latter will be in KYC When the authorization status of the data request contract is changed, it is triggered to notify the financial end of the authorization status change.

5. The KYC data execution contract is used to record the KYC processing performed by the financial side. The inclusion function is “executeKyc()”, which is used to sign the designated data items of the KYC data after the financial side, and each data item must be signed. Independent signature.

6. KYC executes the registration contract to record the execution result of the KYC data execution contract, which includes the function "registerKYCExecution()".

7. The KYC rating contract is used for the financial side to record customer ratings and risk marks. The inclusion functions such as "addNotes()", "addFlag()" and "addRating()" are used to "add new Financial end-to-customer notes, "adding new financial end-to-customer risk marks" and "adding financial end to customer ratings."

8. The KYC rating registration contract is used to provide a registered KYC rating contract, which includes a function such as "register()", which completes the registration of the KYC rating contract by entering the address of the KYC rating contract.

Nine, account link, for customers to bind multiple account addresses in order to achieve privacy, and use the signature to encrypt the stored account address, which can contain functions such as: "addAssociation ()", "removeAssociation ()" And "getAssociation()", which are used to perform the process of "adding a new signature", "removing a signed signature", and "inquiring an account number bound to a signature".

The following is a description of the KYC data sharing system and its method for stealth of the present invention. Please refer to "1" and "1" for the system of the KYC data sharing system with hidden privacy. The block diagram is applied to the blockchain network 10 that executes the smart contract. The system includes: the rights holder 100, the client 110, and the financial terminal 120. Among them, the part of the authority side 100, which may be a government authority or a legally authorized unit of the government, is intended to provide a KYC data service for verifying a natural person or organization (for example, verifying that the information is correct), in fact, the responsibility The terminal 100 is connected to the blockchain network 10 as a blockchain node. The rights end 100 includes an initial module 101, a verification module 102, and a registration module 103. The initial module 101 is used to initially issue a KYC data registration contract through a blockchain transaction to provide registration and update of a KYC data contract, and to issue a KYC data through a blockchain transaction to request a registration contract to provide registration and record KYC data. The request contract, wherein the KYC data registration contract includes a data registration event and a data update event, and the KYC data request registration contract includes a request registration event and an authorization response event. When a KYC data registration contract is registered to register a KYC data contract, this registration function triggers a data registration event, that is, when a new KYC data contract is registered, the data registration event is triggered; When the KYC data registration contract update function updates the KYC data contract, this update function will trigger the data update event, that is, when the existing KYC data contract is updated, the data update event will be triggered.

In actual implementation, the information stored in the KYC data contract includes "customer's account address", "encrypted content of each data item (ie: first encrypted content)" and "multiple signatures processed by hash and signature" The value of the client's account address can be presented in the form of a public key; the encrypted content is generated by the client's public key encryption; the signature is implemented by the rights and responsibilities of the private key. In addition, the initial module 101 can also issue a KYC execution registration contract for recording the execution result of the KYC data execution contract through the blockchain transaction, and the KYC data execution contract records each data item and its signature reviewed by the financial terminal 120. . In this way, by verifying the signature, it is known which financial terminal 120 has reviewed the KYC data. In addition, the rights terminal 100 may also issue an account connection contract through the blockchain transaction to store all account addresses corresponding to each client 110, so that all account addresses correspond to the same KYC data, and If the account address is allowed to be added or deleted, then after the financial terminal 120 verifies the account address and confirms that it is generated by the client 110, the same KYC data can be allowed to be received at different account addresses. In other words, the client 110 can use the different account addresses to cause the financial terminal 120 to perform KYC processing, and even avoid the identity of the client 110 by the account address.

The verification module 102 is configured to receive KYC data for verification. The KYC data includes a plurality of data items, such as: name, identity card number, gender, etc., and each of the verified KYC materials according to the client public key. A data item is encrypted to generate a corresponding first encrypted content, and then the hash value of each data item is signed according to the private key of the right to generate a corresponding hash signature value. In actual implementation, each data item has a corresponding code, such as: the code of the identity card number is "ID", the property certificate code is "WEALTH_PROOF" and so on. In addition, the public key mentioned in the text (such as the client public key) and the private key (such as the rights-of-rights private key) can be provided through the certificate issued by the third-party public certificate unit (for example, the Taiwan Network Certification Center). .

The registration module 103 is configured to issue a KYC data contract including an account address, a first encrypted content of each data item, and a hash signature value of each data item through the blockchain transaction, and obtain a corresponding KYC data contract address, and The KYC data contract address is registered in the KYC data registration contract to trigger the registration of the data registration event to generate a registration completion notice. In actual implementation, while registering a new KYC data contract, the KYC rating contract corresponding to the client 110 can be released through the blockchain transaction, and the KYC rating contract address of the KYC rating contract is registered to the initial module. The pre-release KYC rating registration contract is used to allow the financial terminal 120 that obtains the authorization authority to rate and risk the KYC data of the corresponding client 110. For example, the rating can be a credit score; the risk marker can be noted as a warning account.

In actual implementation, the rights-side 100 may further include an update module 104 for obtaining a KYC data contract corresponding to the KYC data according to the KYC data registration contract after the KYC data is updated, and triggering the data update event to generate an update completion notification. That is, when the existing KYC data in the blockchain is updated, the data update event of the KYC data registration contract is triggered to notify the blockchain node in the blockchain network 10.

In a portion of the client 110, the client 110 itself may be provided by a blockchain node or by a third party (eg, the rights holder 100, the financial terminal 120, or any service provider that has permission to connect to the blockchain node) The blockchain node service, in other words, the client 110 can directly or indirectly connect to the blockchain network 10 using the blockchain node to detect smart contract events, wherein "direct" means that the client 110 itself It is a blockchain node in the blockchain network 10, which uses a blockchain client program to connect to the blockchain network 10; as for "indirect", it refers to the use of third-party integration services, such as financial institutions providing block-based blocks. Wallet service for chain nodes. Assuming that the client 110 itself is a blockchain node, the "Request Registration Event" of the "KYC Data Request Registration Contract" will be directly monitored. When the request registration event is triggered, it is checked whether the KYC data request contract is initiated for the client 110. If yes, notify the client to process; assuming that the client 110 is a blockchain node service provided by a third party, then a monitoring address is required to monitor the request registration event of the KYC data request registration contract, when the registered KYC data request contract is For the customer of the service, the customer is notified to process the KYC data request contract, and the notification method can be achieved through the mobile application, email, telephone, and the like.

As described above, each client 110 includes a generation module 111, a detection module 112, and an encryption and decryption module 113. The generating module 111 is configured to generate KYC data, for example, providing a Graphical User Interface (GUI) for the customer to input and use as KYC data, and transmitting the KYC data to the rights holder 100 for authorization. The responsible party 100 encrypts, signs, and issues the corresponding KYC data contract to the blockchain network 10.

The detecting module 112 is configured to continuously detect the data request notification. When the data request notification is detected and the account address included therein matches one of the clients, the matching client 110 is self-blockchain network. The KYC data contract corresponding to the client 110 is read in 10 to obtain the account address therein, the first encrypted content of each data item, and the hash signature value of each data item, and allows the authorization authority of each data item to be set. In actual implementation, the setting authorization authority is to set a corresponding authorization authority for each data item, such as: permission, rejection, cancellation, and the like.

The encryption and decryption module 113 is configured to decrypt the first encrypted content of each data item obtained according to the authorization authority and the client private key, and generate a set of keys to encrypt each data item after decryption to generate a corresponding first Encrypting the content, encrypting the group key with the financial public key to generate a set of encryption keys, and transmitting the second encrypted content of each data item, the hash signature value of each data item, and the group encryption key The key generates an authorization response notification by triggering an authorization response event. In practice, a method of generating a set of keys can be generated by using a Symmetric Encryption algorithm and used for encryption and decryption simultaneously, and a key is generated by using an Asymmetric Encryption algorithm. The former can improve the efficiency of encryption and decryption processing of each data item. In fact, the difference between the first encrypted content and the second encrypted content is only that the former is encrypted by the client public key, and the latter is encrypted by the key. In particular, the purpose of additionally generating a set of keys to encrypt the data items rather than directly encrypting the data items using the client private key is to provide the data items to the designated financial terminal 120 to avoid having the same client. Other blockchain nodes of the key can also decrypt the data item.

Then, in the part of the financial terminal 120, the financial terminal 120 must be connected to the right-of-charge terminal 100, and must also be connected to the blockchain network 10 as a blockchain node. Each financial terminal 120 includes: a request module 121. The receiving module 122 and the review module 123. The request module 121 is configured to issue a KYC data request contract corresponding to the client 110 through the blockchain transaction when requesting the KYC data of the client 110, and register the KYC data request contract in the KYC data request registration. In the contract, the data request notification is triggered to trigger the request registration event. In this way, the client 110 can know whether the financial terminal 120 has requested KYC data from it by detecting whether the request registration event is triggered. In actual implementation, the data request notification may include: "account address of the client 110", "code of the data item", and "signature of the financial terminal 120".

The receiving module 122 is configured to continuously detect an authorization response event of the KYC data request registration contract, and receive the second encrypted content of each data item and the hash signature of each data item when the authorization response event is triggered to generate an authorization response notification. The value and the set of encryption keys, and decrypting the set of encryption keys with the financial side private key to obtain a set of keys, and then decrypting the second encrypted content of each data item with the set of keys. Since the encryption key can only be decrypted by the financial side private key, only the blockchain node (ie, the designated financial terminal 120) having the financial side private key can obtain the group key by decrypting, and then reuse the group key. The second encrypted content is decrypted to obtain an unencrypted data item, thereby ensuring the confidentiality of the data item.

The review module 123 is configured to perform the verification of the hash value and the signature of each data item that has been decrypted according to the public key of the right side and the hash signature value of each data item, and verify and confirm the hash signature value. When generated by the authority 100, each data item that has been decrypted is reviewed. In actual implementation, since the "hybrid signature value" is generated by using the "right duty private key" to sign the "heavy value", the financial terminal 120 can use the basis when verifying the "hybrid signature value". The "heavy value" calculated by the data item is combined with the "mixed signature value" to calculate the "rights and public key", and then the calculated "rights and public key" and the known "right public key" For comparison, if the comparison result is the same, the data has not been tampered with, and it is confirmed that the "hybrid signature value" is generated by the right-hand side 100, so the hash value and its signature are verified, otherwise, if the "rights and responsibilities" If the key is different, it means that the data has been tampered with or the hash signature value is not generated by the authority 100, so the hash value and the verification of the signature are not passed.

Next, please refer to "2A" to "2C", "2A" to "2C" are flowcharts of the method for stealing KYC data sharing method of the present invention, which are applied to execute smart contracts. The blockchain network 10, the steps include: the rights terminal 100 initially issues a KYC data registration contract through the blockchain transaction to provide registration and update of the KYC data contract, and issues a KYC data request for registration through the blockchain transaction. To provide a registration and record KYC data request contract, wherein the KYC data registration contract includes a data registration event and a data update event, the KYC data request registration contract includes a request registration event and an authorization response event (step 210); the client 110 generates a corresponding KYC Data, and the KYC data is transmitted to the rights holder 100, the KYC data includes a plurality of data items (step 220); the rights side 100 verifies the received KYC data, and separately passes the verified KYC data according to the client public key. Each data item is encrypted to generate a corresponding first encrypted content, and then the hash value of each data item is signed according to the private key of the right and responsible side to generate a corresponding The hash sign value (step 230); the rights end 100 issues a KYC data contract including the account address, the first encrypted content of each data item, and the hash signature value of each data item through the blockchain transaction, and obtains Corresponding KYC data contract address, and registering the KYC data contract address in the KYC data registration contract for triggering the data registration event to generate a registration completion notification (step 240); when the financial terminal 120 requests the KYC data of the client 110, The KYC data request contract corresponding to the client 110 is issued through the blockchain transaction, and the KYC data request contract is registered in the KYC data request registration contract to trigger the request registration event to generate the data request notification (step 250); the client 110 detects After the data request notification is detected and the account address included therein matches one of the clients 110, the matching client 110 reads the KYC data contract of the corresponding client 110 from the blockchain network 10 to obtain the data. Account address, the first encrypted content of each data item, and the hash signature value of each data item, and allows each data item to be set. Authorization authority (step 260); the client 110 decrypts the first encrypted content of each data item obtained according to the authorization authority and the client private key, and generates a set of keys to encrypt each decrypted data item. Generating a corresponding second encrypted content, and then encrypting the group key with the financial public key to generate a set of encryption keys, and transmitting the second encrypted content of each data item, the hash signature value of each data item, and The group encryption key generates an authorization response notification by triggering the authorization response event (step 270); the financial terminal 120 continuously detects the authorization response event of the KYC data request registration contract, and receives each of the authorization response events after the authorization response event is triggered to generate an authorization response notification. a second encrypted content of the data item, a hash signature value of each data item, and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain a set of keys, and then decrypting the set of keys The second encrypted content of each data item (step 280); the financial end 120 pairs each of the decrypted ones according to the public key of the right side and the hash signature value of each data item The data item performs the verification of the hash value and the signature, and upon verification and confirmation that the hash signature value is generated by the rights holder 100, each of the decrypted data items is reviewed (step 290). Through the above steps, the KYC data can be provided to the rights holder 100 through the client 110 for encryption, signature and distribution to the blockchain network 10, and the smart contract is executed on the blockchain network 10 to enable the client. 110. The rights side 100 and the financial side 120 can execute the function of the smart contract and detect the event of the smart contract, so that when the financial side requests to query the KYC data, the client 110 can set the authorization authority for different data items, and then by the financial The terminal 120 receives the authorized data item directly through the client 110, and then verifies whether the data item is authenticated by the authority 100 to determine whether to review.

In particular, after step 240, after the KYC data update is completed, the KYC data contract corresponding to the KYC data is obtained according to the KYC data registration contract, and the data update event is triggered to generate an update completion notification (step 241), so that All nodes of the blockchain network 10 are able to know that the KYC data has been updated by detecting an update completion notification. Then, after the step 290, if the rights end 100 is initially, the KYC execution registration contract is issued through the blockchain transaction to record the execution result of the KYC data execution contract, and the KYC data execution contract record is reviewed by the financial terminal 120. Each data item and its signature (step 291). In addition, the authority 100 can also issue an account connection contract through the blockchain transaction at the initial time to store all the account addresses corresponding to each client 110, so that all account addresses correspond to the same KYC data, and allow new or The account address is deleted, and after the financial terminal 120 verifies the account address, the same KYC data is allowed to be received with a different account address (step 292). In this way, the customer can bind multiple account addresses, reduce the chance of identifying the customer through the account address, and help to improve privacy.

The following description will be made by way of example with reference to "3rd" to "5th". Please refer to "3rd" and "3rd" for a schematic diagram of uploading KYC data by applying the present invention. Assuming that the client 110 wants to upload KYC data, the client located at the client 110 can open the edit window 300, and type the customer's own KYC data in the data input block 310, such as: name, identity card number, etc., and click to save. The component 312 stores the KYC data. If the KYC data is to be modified, the editing component 311 can also be selected for editing. Next, the stored KYC data can be transmitted to the rights holder 100 through the click transmission component 313, so that the rights terminal 100 issues the corresponding KYC data contract through the blockchain transaction according to the KYC data.

As shown in Figure 4, Figure 4 is a schematic diagram of the application of the present invention to the rights-side encryption and signature data items. When the rights holder 100 receives the KYC data 400 transmitted by the client 110, the rights holder 100 encrypts each data item separately using the client public key to generate a corresponding first encrypted content 410, and also uses a hash calculation. The method, such as MD5, SHA-1, SHA-256, etc., performs a hash calculation on each data item to obtain a corresponding hash value 420, and then hashes the hash value 420 with the right private key to generate a hash. Signature value 430. Next, the rights holder 100 can issue a KYC data contract including an account address (eg, a client public key), a first encrypted content 410, and a hashed signature value 430 through the blockchain transaction. In this way, after the transaction verification is completed for a period of time, all the blockchain nodes in the blockchain network 10 have their own KYC data contract and obtain the KYC data contract address corresponding to the contract. . Next, register the KYC data contract address in the KYC data registration contract, and trigger the data registration event to generate a registration completion notice. At this point, the release and registration of the KYC data contract is completed.

As shown in "figure 5", "figure 5" is a schematic diagram of encryption and decryption performed on the client by applying the present invention. When the client 110 detects that the financial terminal 120 triggers the request registration event, it assumes that the client 110 compares with the account address and finds that it is the same as its own account address, and the financial terminal 120 wants to request KYC data from itself, so the client 110 will The corresponding KYC data contract is read to obtain an account number therein, a first encrypted content 410 for each data item, and a hash signature value 430 for each data item. Next, the customer is allowed to set authorization rights for each data item, such as: allow, deny, cancel, etc., for example, if the client wants to authorize the financial terminal 120 to review the name in the KYC data, the user interface can be accessed through the graphical user interface. Set to "Allow", if not, the customer can be set to "Reject", or if you want to cancel the original authorization, the customer can set it to "Cancel".

Next, the client 110 can decrypt the first encrypted content 410 according to the authorization authority and the client private key to obtain the decrypted content 500, and then generate a set of keys by using the symmetric encryption algorithm to transmit the set of keys. The decrypted content 500 is encrypted to generate a second encrypted content 510, while the hash signature value 430 remains unchanged. Thereafter, the group key is encrypted using the financial side public key of the requesting financial terminal 120 to generate a corresponding encryption key to ensure that only the requesting financial terminal 120 can decrypt using its financial end private key to obtain this. The group key, in other words, can ensure that the second encrypted content 510 can only be decrypted by the requesting financial terminal 120 using the set of keys. Finally, the client 110 transmits the second encrypted content 510, the hash signature value 430, and the encryption key to trigger an authorization response event to generate an authorization response notification. After detecting the authorization response notification, the financial terminal 120 knows that the request has been responded by the client 110, and then receives the second encrypted content 510, the hash signature value 430, and the encryption key, and then transmits the financial private key pair. The encryption key is decrypted to obtain a set of keys, and the second encrypted content 510 is decrypted with the set of keys to obtain the KYC data of the customer.

Next, in order to ensure the correctness of the KYC data and has not been tampered with, the financial terminal 120 calculates the hash value of each data item of the KYC data obtained by decrypting the second encrypted content 510, and uses the hash value and the hash value. The signature 430 calculates the authority public key in a pushback manner. If the calculated authority public key is a known authority public key, it represents: 1. The hash signature value 430 is generated by the rights holder 100. . Second, the hash sign value 430 is generated by the hash value of the KYC data, which means that the KYC data has not been tampered with. That is to say, it is assumed that the calculated hash value and the hash signature value can be calculated by using the pushback method to calculate the public key of the right side, that is, the KYC data is authenticated by the authority 100, then the financial terminal 120 will Review each data item that has been decrypted.

In summary, it can be seen that the difference between the present invention and the prior art is that the KYC data is provided to the rights holder 100 through the client 110 for encryption, signature and distribution to the blockchain network 10, and in the blockchain network. The smart contract is executed on the road 10, so that the client 110, the rights holder 100 and the financial terminal 120 can execute the function of the smart contract and detect the event of the smart contract, so that when the financial side requests to query the KYC data, the client 110 can Different data items are set to authorize the rights, and then the financial terminal 120 directly receives the authorized data items through the client 110, and then verifies whether the data items are authenticated by the authority 100 to determine whether to review, and the prior art can be solved by using a technical means. The existing problems, in turn, achieve the technical effect of improving the confidentiality, usability and content uniformity of KYC data.

While the present invention has been described above in the foregoing embodiments, it is not intended to limit the invention, and the invention may be modified and modified without departing from the spirit and scope of the invention. The scope of patent protection shall be subject to the definition of the scope of the patent application attached to this specification.

10‧‧‧ Blockchain network

100‧‧‧rights

101‧‧‧ initial module

102‧‧‧ verification module

103‧‧‧ Registration Module

104‧‧‧Update Module

110‧‧‧Client

111‧‧‧Generation module

112‧‧‧Detection module

113‧‧‧Addition and decryption module

120‧‧‧Financial side

121‧‧‧Request module

122‧‧‧ receiving module

123‧‧‧Review module

300‧‧‧Edit window

310‧‧‧Data input block

311‧‧‧editing components

312‧‧‧Storage components

313‧‧‧Transmission components

400‧‧‧KYC information

410‧‧‧First encrypted content

420‧‧‧ hash value

430‧‧‧ hash sign value

500‧‧‧Decrypted content

510‧‧‧Second encrypted content

Step 210‧‧ ‧ At the beginning of the contract, the rights issuer issues a KYC (Know Your Customer) data registration contract through the blockchain transaction to provide registration and update of at least one KYC data contract, and issue a KYC data request through the blockchain transaction. The registration contract provides for registration and recording of at least one KYC data request contract, wherein the KYC data registration contract includes a data registration event and a data update event, the KYC data request registration contract includes a request registration event and an authorization response event

Step 220‧‧‧ The client generates the corresponding KYC data, and transmits the KYC data to the rights side, the KYC data includes multiple data items

Step 230‧‧ The right end verifies the received KYC data, and encrypts each data item in the verified KYC data according to a client public key to generate a corresponding first encrypted content, and then Signing the hash value of each data item according to a weighted private key to generate a corresponding hash signature value

Step 240‧‧ The right end of the KYC data contract containing the account address, the first encrypted content of each data item, and the hash signature value of each data item is transmitted through the blockchain transaction, and the corresponding contract is obtained. a KYC data contract address, and the KYC data contract address is registered in the KYC data registration contract to trigger the registration of the data to generate a registration completion notice

Step 241‧‧‧ After the KYC data is updated, the KYC data contract corresponding to the KYC data is obtained according to the KYC data registration contract, and the data update event is triggered to generate an update completion notification.

Step 250‧ ‧ The financial terminal issues the KYC data request contract corresponding to the client through the blockchain transaction when requesting the KYC data of the client, and registers the KYC data request contract in the KYC data request In the registration contract, a data request notification is generated to trigger the request registration event

Step 260‧‧‧ The client detects the data request notification and the account address included in the account matches one of the clients, and the matching client reads from the blockchain network Corresponding to the KYC data contract of the client to obtain the account address, the first encrypted content of each data item, and the hash signature value of each data item, and allow an authorization authority for each data item to be set.

Step 270 ‧ ‧ the client decrypts the first encrypted content of each data item obtained according to the authorization authority and a client private key, and generates a set of keys for each decrypted data item Encrypting generates a corresponding second encrypted content, and encrypting the set of keys with a financial public key to generate a set of encryption keys, and transmitting the second encrypted content of each data item, the data item of each data item The hash signature value and the set of encryption keys to trigger the authorization response event to generate an authorization response notification

Step 280‧‧ The financial terminal continuously detects the authorization response event of the KYC data request registration contract, and when the authorization response event is triggered to generate the authorization response notification, receiving the second encrypted content of each data item, The hash signature value of each data item and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain the set of keys, and decrypting each data item with the set of keys Second encrypted content

Step 290‧‧ The financial terminal performs the verification of the hash value and the signature on each data item that has been decrypted according to the weighted public key and the hash signature value of each data item, and is verified and Confirm that the hash signature value is generated by the authority, and review each data item that has been decrypted.

Step 291 ‧ ‧ The responsibilities at the initial stage, a KYC execution registration contract is issued through the blockchain transaction for recording the execution result of at least one KYC data execution contract, the KYC data execution contract record Every data item and its signature

Step 292 ‧ ‧ </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> Allowing to add or delete the account address, and after verifying the account address by the financial terminal, allowing the same KYC data to be received with different account addresses

1 is a system block diagram of a hidden KYC data sharing system of the present invention. 2A to 2C are flowcharts showing the method of the hidden KYC data sharing method of the present invention. Figure 3 is a schematic diagram of uploading KYC data by applying the present invention. Figure 4 is a schematic diagram of the application of the present invention to the rights-side encryption and signature data items. Figure 5 is a schematic diagram of the encryption and decryption performed on the client by applying the present invention.

Claims (10)

A hidden KYC data sharing system is applied to a blockchain network for executing a smart contract. The system comprises: an authority, the authority includes: an initial module, used for initial, Publish a KYC (Know Your Customer) data registration contract through blockchain transactions to provide registration and update of at least one KYC data contract, and issue a KYC material through a blockchain transaction to request a registration contract to provide registration and record at least one KYC data request The contract, wherein the KYC data registration contract includes a data registration event and a data update event, the KYC data request registration contract includes a request registration event and an authorization response event; and a verification module for receiving a KYC data for performing Verification, the KYC data includes a plurality of data items, and each of the verified KYC data items is encrypted according to a client public key to generate a corresponding first encrypted content, and then according to a right-of-rights private The key signatures the hash value of each data item to generate a corresponding hash signature value; and a registration module for transmitting the block The chain transaction releases the KYC data contract including an account address, the first encrypted content of each data item, and the hash signature value of each data item, and obtains a corresponding KYC data contract address, and the KYC data. The contract address is registered in the KYC data registration contract for triggering the data registration event to generate a registration completion notification; at least one client, each client includes: a generation module for generating the KYC data, and The KYC data is transmitted to the authority; a detection module is configured to continuously detect a data request notification, and when the data request notification is detected and the account address included therein matches one of the clients And the matching client reads the KYC data contract corresponding to the client from the blockchain network to obtain the account address, the first encrypted content of each data item, and the data item of each data item. a hash signature value, and an authorization permission for each data item is allowed; and an encryption and decryption module for each of the obtained authorization rights and a client private key pair Decrypting the first encrypted content of the data item, and generating a set of keys to encrypt each decrypted data item to generate a corresponding second encrypted content, and then encrypting the set of keys with a financial public key Generating a set of encryption keys, and transmitting the second encrypted content of each data item, the hash signature value of each data item, and the set of encryption keys to trigger the authorization response event to generate an authorization response notification; and a financial terminal, each financial terminal includes: a request module, configured to issue the KYC data request contract corresponding to the client through a blockchain transaction when requesting the KYC data of the client, and The KYC data request contract is registered in the KYC data request registration contract for triggering the request registration event to generate the data request notification; a receiving module for continuously detecting the KYC data requesting the registration contract for the authorized response event, when After the authorization response event is triggered to generate the authorization response notification, the second encrypted content of each data item and the miscellaneous data item of each data item are received. Signature value and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain the set of keys, and decrypting the second encrypted content of each data item with the set of keys; and The review module is configured to perform a hash value and a signature verification on each of the decrypted data items according to the weighted public key and the hash signature value of each data item, and verify and confirm the hash When the signature value is generated by the authority, each data item that has been decrypted is reviewed. According to the confidential KYC data sharing system of claim 1, wherein the authority further includes an update module for obtaining the corresponding KYC according to the KYC data registration contract after the KYC data update is completed. The KYC data contract of the data, and triggering the data update event to generate an update completion notification. According to the confidential KYC data sharing system of claim 1 of the scope of patent application, the authority shall issue a KYC rating contract at the same time as the registration of the KYC data contract, and a KYC rating of the KYC rating contract. The contractual address is registered to a pre-released KYC rating registration contract for allowing the financial terminal that obtains the authorization authority to rate and risk the KYC data of the client. According to the confidential KYC data sharing system of claim 1 of the patent application scope, the initial module of the authority side issues a KYC execution registration contract through the blockchain transaction for recording at least one KYC data execution contract. Execution result, the KYC data execution contract records each data item and its signature reviewed by the financial terminal. According to the confidential KYC data sharing system of claim 1, wherein the initial module of the authority further issues an account link contract through the blockchain transaction for storing at least one corresponding to each client. The account address is such that the account address corresponds to the same KYC data, and the account address is allowed to be added or deleted, and after the financial terminal verifies the account address, the same KYC is allowed to be received with different the account address. data. A hidden KYC data sharing method, which is applied to a blockchain network for executing smart contracts, and the steps include: 1. The first time an authority issues a KYC (Know Your Customer) data through the blockchain transaction. A registration contract to provide registration and renewal of at least one KYC data contract, and a KYC data request for registration through a blockchain transaction to provide registration and record of at least one KYC data request contract, wherein the KYC data registration contract includes a data registration event And a data update event, the KYC data request registration contract includes a request registration event and an authorization response event; at least one client generates the corresponding KYC data, and transmits the KYC data to the rights terminal, the KYC data includes a plurality of data items; the authority verifies the received KYC data, and encrypts each of the verified KYC data items according to a client public key to generate a corresponding first encrypted content, and then Signing the hash value of each data item according to a weighted private key to generate a corresponding hash signature value; Transmitting, by the blockchain transaction, the KYC data contract including an account address, the first encrypted content of each data item, and the hash signature value of each data item, and obtaining a corresponding KYC data contract address, and The KYC data contract address is registered in the KYC data registration contract for triggering the data registration event to generate a registration completion notification; at least one financial terminal issues the corresponding location through the blockchain transaction when requesting the KYC data of the client Determining the KYC data request contract of the client, and registering the KYC data request contract in the KYC data request registration contract, for triggering the request registration event to generate a data request notification; the client detects the data After requesting the notification and the account address included in the account matches one of the clients, the matching client reads the KYC data contract corresponding to the client from the blockchain network to obtain the account. Address, the first encrypted content of each data item, and the hash signature value of each data item, and allows each item to be set An authorization authority; the client decrypts the first encrypted content of each data item obtained according to the authorization authority and a client private key, and generates a set of keys for each decrypted data item. Encrypting generates a corresponding second encrypted content, and encrypting the set of keys with a financial public key to generate a set of encryption keys, and transmitting the second encrypted content of each data item, the data item of each data item The hash signature value and the set of encryption keys are used to trigger the authorization response event to generate an authorization response notification; the financial terminal continuously detects the authorization response event of the KYC data request registration contract, when the authorization response event is triggered to generate the After the authorization response notification, receiving the second encrypted content of each data item, the hash signature value of each data item, and the set of encryption keys, and decrypting the set of encryption keys with a financial side private key to obtain the a group key, and then decrypting the second encrypted content of each data item with the set of keys; and the financial end is based on a weighted public key and the hash of each data item The signature value, the hash value and the signature verification are performed on each data item that has been decrypted, and each data item that has been decrypted is reviewed when it is verified and confirmed that the hash signature value is generated by the authority side. . The KYC data sharing method according to the sixth aspect of the patent application scope, wherein the method further comprises: after the KYC data update is completed, obtaining the KYC data contract corresponding to the KYC data according to the KYC data registration contract, and triggering The data update event generates a step of updating the completion notification. According to the confidential KYC data sharing method of claim 6 of the patent application scope, the authority end issues a KYC rating contract at the same time as registering the KYC data contract, and evaluates a KYC rating of the KYC rating contract. The contractual address is registered to a pre-released KYC rating registration contract for allowing the financial terminal that obtains the authorization authority to rate and risk the KYC data of the client. According to the KYC data sharing method of claim 6 of the patent application scope, the method further includes that the authority first issues a KYC execution registration contract through the blockchain transaction to record at least one KYC data. Executing the execution result of the contract, the KYC data execution contract records the steps of each data item and its signature reviewed by the financial side. According to the privacy KYC data sharing method of claim 6, wherein the method further includes that the rights terminal initially issues an account link contract through the blockchain transaction to store each client corresponding At least one account address, such that the account address corresponds to the same KYC data, and the account address is allowed to be added or deleted, and after the financial terminal verifies the account address, permission to receive with the different account address is allowed. The same steps as the KYC data.